DOJ confirms arrested US Army soldier is linked to AT&T and Verizon hacks

U.S. prosecutors have formally linked the arrest of a serving U.S. Army soldier in December to a massive theft of U.S. phone records from AT&T and Verizon last year.

Authorities arrested Cameron John Wagenius, a U.S. Army communications specialist, in Texas on December 20 following a brief two-page grand jury indictment accusing the U.S. serviceperson of two counts of unlawfully transferring confidential phone records. Wagenius was later extradited to Washington state.

In a new court filing on Friday, U.S. prosecutors confirmed that the charges against Wagenius are related to the earlier indictment of two alleged hackers, Connor Moucka and John Binns, whom the U.S. government accuses of multiple intrusions at cloud computing company Snowflake that saw the mass theft of data stored in its customer accounts. The Snowflake customers whose data was stolen include AT&T, which had “nearly all” of its customer call records through 2024 exfiltrated from its Snowflake account, and Verizon, from whom a substantial cache of customer call logs was taken.

U.S. Attorney Tessa Gorman told the Seattle court that, “both cases arise from the same computer intrusion and extortion and include some of the same stolen victim information,” and as such, “these cases rely on overlapping evidentiary material and legal process and arguably present common questions of law and fact.”

This is the first public acknowledgement by prosecutors that Wagenius’ charges are connected to last year’s breaches at cloud computing company Snowflake. Security journalist Brian Krebs first reported on the link between Wagenius and the Snowflake hacks in November, and later broke the news of Wagenius’ arrest.

The account hacks at Snowflake became one of the most wide-reaching cyberattacks of last year, affecting AT&T, LendingTree, Santander Bank, Ticketmaster, and at least 160 other companies. The hackers allegedly stole huge banks of personally identifiable and sensitive corporate data that companies stored in Snowflake, in part by using passwords stolen from employee computers with malware. Most of the affected Snowflake customers were not using multi-factor protection, which Snowflake did not require of its customers at the time.

According to Krebs’ reporting, following the earlier arrest of Moucka by Canadian authorities, Wagenius claimed in a post on a known cybercrime forum to have access to the call logs of Vice President Kamala Harris and then-President-elect Donald Trump, and threatened to leak all of the stolen files unless Moucka was released.

Prosecutors accuse the Snowflake hackers of stealing data that includes personal information, cell phone and IMEI numbers, dates of birth, postal and email addresses, passwords, Social Security numbers, government-issued identity numbers, as well as payment card and bank account numbers.

Wagenius was ordered on January 8 to be detained, and is understood to be in custody in Washington state.
